
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN267
_____________________________________________________________________

DATE                : 20/09/2017

HARDWARE PLATFORM(S):  /

OPERATING SYSTEM(S): Systems running Xcode versions prior to 9.

=====================================================================
https://lists.apple.com/archives/security-announce/2017/Sep/msg00001.html
____________________________________________________________________


APPLE-SA-2017-09-19-3 Xcode 9

Xcode 9 is now available and addresses the following:

Git
Available for:  macOS Sierra 10.12.6 or later
Impact: Checking out a maliciously crafted repository may lead to
arbitrary code execution
Description: An ssh:// URL scheme handling issue was addressed
through improved input validation.
CVE-2017-1000117

ld64
Available for:  macOS Sierra 10.12.6 or later
Impact: Parsing a maliciously crafted Mach-O file may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7076: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7134: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7135: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7136: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-7137: riusksk (泉哥) of Tencent Security Platform Department

subversion
Available for:  macOS Sierra 10.12.6 or later
Impact: Checking out a maliciously crafted repository may lead to
arbitrary code execution
Description: An input validation issue was addressed through improved
input validation.
CVE-2017-9800

Installation note:

Xcode 9 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "9".
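
The same check can be scripted for machines where opening the About
window is impractical. The following is an added example, not part of
Apple's advisory: it parses the text printed by `xcodebuild -version`
and reports whether the major version is 9 or later. The function
names xcode_is_fixed and check_local_xcode are hypothetical helpers
introduced here.

```shell
#!/bin/sh
# Added example: decide whether an Xcode install is at the fixed
# release (9 or later) from the output of `xcodebuild -version`.
# xcode_is_fixed and check_local_xcode are hypothetical helper names.

# Usage: xcode_is_fixed "<output of xcodebuild -version>"
# Returns 0 if the major version is >= 9, 1 if it is older,
# and 2 if no version could be parsed from the text.
xcode_is_fixed() {
    # The first line looks like "Xcode 8.3.3"; take the second field.
    version=$(printf '%s\n' "$1" | awk '$1 == "Xcode" { print $2; exit }')
    major=${version%%.*}
    case "$major" in
        ''|*[!0-9]*) return 2 ;;   # missing or non-numeric: unknown
    esac
    [ "$major" -ge 9 ]
}

# Check the Xcode selected on this machine and print a one-line verdict.
# Returns the same codes as xcode_is_fixed.
check_local_xcode() {
    if ! command -v xcodebuild >/dev/null 2>&1; then
        echo "UNKNOWN: xcodebuild not found on this system"
        return 2
    fi
    out=$(xcodebuild -version 2>/dev/null)
    first_line=$(printf '%s\n' "$out" | head -n 1)
    rc=0
    xcode_is_fixed "$out" || rc=$?
    case "$rc" in
        0) echo "OK: $first_line is at or above Xcode 9" ;;
        1) echo "UPDATE NEEDED: $first_line is older than Xcode 9" ;;
        *) echo "UNKNOWN: could not parse xcodebuild output" ;;
    esac
    return "$rc"
}
```

Calling check_local_xcode on a Mac prints the verdict and returns a
status code that an inventory or compliance script can act on.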

Information will also be posted to the Apple Security Updates
web site:
https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:

https://www.apple.com/support/security/pgp/


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



